LinuxQuestions.org
Old 01-03-2018, 09:39 PM   #466
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1235

Quote:
Originally Posted by montagdude View Post
Any confirmation on whether this is indeed the KPTI vulnerability or something else?
Well, looks like Google made a full disclosure: https://spectreattack.com/

KPTI (with its assorted slowdowns) protects against Meltdown (which looks very easy to exploit even for script kiddies), and it is literally specific to Intel CPUs, roughly all of them from the last 20 years.

To be read: the sh*t hit the fan like in the old FDIV days.

There is a second issue, Spectre, and it haunts all of us, whether owners of Intel, AMD, or even ARM (hence our smartphones), but it is just a theoretical attack, very difficult to implement for real.

Last edited by Darth Vader; 01-03-2018 at 09:44 PM.
 
1 members found this post helpful.
Old 01-03-2018, 10:15 PM   #467
montagdude
Senior Member
 
Registered: Apr 2016
Distribution: Slackware
Posts: 1,460

Rep: Reputation: 1087
Okay, but I think the Intel ME error is something else entirely, so if the diagnostic tool linked previously says your machine is not vulnerable, that does not mean it is safe from the Meltdown/Spectre vulnerability.
 
1 members found this post helpful.
Old 01-03-2018, 10:19 PM   #468
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1235
Quote:
Originally Posted by montagdude View Post
Okay, but I think the Intel ME error is something else entirely, so if the diagnostic tool linked previously says your machine is not vulnerable, that does not mean it is safe from the Meltdown/Spectre vulnerability.
Yeah, looks like this Intel tool checks for another issue entirely.

Basically, any Intel processor since 1995 is affected by Meltdown, excluding the Intel Itanium and Intel Atom before 2013. And it can be exploited by any "become a hacker in 3 days" rookie reader.

And any processor alive and kicking around us is affected by Spectre, from smartphones to Ryzens and i9s. Luckily this one looks like a theoretical attack, really difficult to implement.

Last edited by Darth Vader; 01-03-2018 at 10:26 PM.
 
1 members found this post helpful.
Old 01-03-2018, 10:27 PM   #469
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,991
Blog Entries: 11

Rep: Reputation: 2920
Quote:
Originally Posted by montagdude View Post
Okay, but I think the Intel ME error is something else entirely, so if the diagnostic tool linked previously says your machine is not vulnerable, that does not mean it is safe from the Meltdown/Spectre vulnerability.
That is my understanding as well. Unless I have missed another post with links to another tool, the tool linked in post #434 is for one of the many ME problems and will not detect the kernel page vulnerability.
 
Old 01-03-2018, 10:29 PM   #470
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1235
Quote:
Originally Posted by astrogeek View Post
That is my understanding as well. Unless I have missed another post with links to another tool, the tool linked in post #434 is for one of the many ME problems and will not detect the kernel page vulnerability.
Nope, the vulnerabilities cannot be detected, they just exist everywhere. It is simple:

All hardly modern Intel CPUs are affected by Meltdown (easy to exploit), while all hardly modern CPUs (including the Intel ones) are affected by Spectre (really hard to exploit).

Last edited by Darth Vader; 01-03-2018 at 10:33 PM.
 
Old 01-03-2018, 10:56 PM   #471
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1235
Anyway, I wonder if the CONFIG_PAGE_TABLE_ISOLATION is available only for x86_64.

I do not find it in our 32-bit kernel configs.
 
Old 01-04-2018, 12:20 AM   #472
Drakeo
Senior Member
 
Registered: Jan 2008
Location: Urbana IL
Distribution: Slackware, Slacko,
Posts: 3,639
Blog Entries: 3

Rep: Reputation: 467
That's what I think.
Care less about the patch if you are going to be a stable developer. Last time was a minor xorg warning. This is who cares about Slackware PAT?
https://www.linuxquestions.org/quest...ml#post5801492
 
Old 01-04-2018, 04:14 AM   #473
slalik
Member
 
Registered: Nov 2014
Location: Moscow, Russia
Distribution: Slackware
Posts: 160

Rep: Reputation: 92
There is Intel’s response https://newsroom.intel.com/news/inte...arch-findings/. It claims that, unfortunately, AMD and ARM are affected to some degree. The Linode blog https://blog.linode.com/2018/01/03/c...tdown-spectre/ says the same.

These are vulnerabilities CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754 disclosed by Google’s Project Zero https://googleprojectzero.blogspot.f...with-side.html

The above INTEL-SA-00086 Detection Tool is about CVE-2017-5711 and CVE-2017-5712, completely unrelated. (BTW, this is also a serious security problem in ME, TXE, and SPS discovered by the Positive Technologies Research https://www.ptsecurity.com/ww-en/. This should be fixed by a BIOS update.)
 
1 members found this post helpful.
Old 01-04-2018, 01:14 PM   #474
GazL
Senior Member
 
Registered: May 2008
Posts: 4,952
Blog Entries: 15

Rep: Reputation: 2559
4.14.12 is already in review and comprises 14 commits, including a number of PTI-related fixes. If you've not already built/installed 4.14.11 you might want to consider delaying and save yourself some effort.

E.T.A. somewhere around the weekend.
 
1 members found this post helpful.
Old 01-04-2018, 02:26 PM   #475
OldHolborn
Member
 
Registered: Jul 2012
Distribution: Slackware
Posts: 176

Rep: Reputation: 148
20+ years worth of mistake from the world's biggest chip company with possibly the world's best chip designers and not one said "but what if?"

Maybe with CPUs speeding up by only 10/20% per generation and the workaround for this being in the -5/-30% you have to wonder if one would be told to shut up and go resit Marketing 101.

Just wondering

Last edited by OldHolborn; 01-04-2018 at 02:27 PM. Reason: picking words carefully!
 
2 members found this post helpful.
Old 01-04-2018, 02:54 PM   #476
_peter
Member
 
Registered: Sep 2014
Distribution: slackware
Posts: 39

Rep: Reputation: Disabled
Quote:
Originally Posted by OldHolborn View Post
20+ years worth of mistake from the world's biggest chip company with possibly the world's best chip designers and not one said "but what if?"
Yes, possibly the world's best chip designers don't necessarily want to work at Intel because it's mostly boring, albeit necessary, digital design.
Besides, the best ones make mistakes too; actually there are probably no issues with the hardwired logic ckt which is part of the security flaw, except that it's part of a complex circuit architecture that is impossible to fully simulate.

For me the facts here are a pretty good meltdown of the system architects over-sighting the IP features and limitations.
 
1 members found this post helpful.
Old 01-04-2018, 05:11 PM   #477
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" & Xfce.
Posts: 4,579

Original Poster
Blog Entries: 1

Rep: Reputation: 1892
Quote:
Originally Posted by cwizardone View Post
......
First, I tried the huge kernel and it panicked and froze.
Then I tried the generic kernel and created an initrd, and that booted, but now the Nvidia driver, neither short nor long term, will install.....
The rebuilt huge 4.14.11 kernel and the new Nvidia Long Term driver-384.111 are installed and working well..... so far.
 
1 members found this post helpful.
Old 01-05-2018, 04:23 AM   #478
slalik
Member
 
Registered: Nov 2014
Location: Moscow, Russia
Distribution: Slackware
Posts: 160

Rep: Reputation: 92
Looks like Intel is releasing some microcode updates related to Meltdown. Debian has "a partial, unofficial set of updates" https://bugs.debian.org/cgi-bin/bugr...?bug=886367#17.

Also, yesterday I upgraded the BIOS for the MEI bug, and as a byproduct the microcode was also upgraded.
 
2 members found this post helpful.
Old 01-05-2018, 09:01 AM   #479
Petri Kaukasoina
Member
 
Registered: Mar 2007
Posts: 393

Rep: Reputation: 247
Quote:
Originally Posted by GazL View Post
Released.
 
2 members found this post helpful.
Old 01-05-2018, 09:23 AM   #480
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,483

Rep: Reputation: 915
All --

Kernels 4.14.12, 4.9.75 and 4.4.110 are now available.

Handy Links:
Code:
stable:    4.14.12 Source ChangeLog 2018-01-05 ( Slackware-current extra )
longterm:  4.9.75  Source ChangeLog 2018-01-05 ( Slackware-current )
longterm:  4.4.110 Source ChangeLog 2018-01-05 ( Slackware-14.2 )
No CVE References were found for 4.14.12, 4.9.75 or 4.4.110

As always, do check the ChangeLogs for other security-related fixes.

Check for the Latest Updates at www.kernel.org.

Have Fun All'Y'All !

-- kjh

edit ... from the 4.4.110 ChangeLog:
Code:
commit bfd51a4d715b6ef44bd01b9fbfc13da936f93d76
Author: Kees Cook <[email protected]>
Date:   Wed Jan 3 10:43:32 2018 -0800

    KPTI: Report when enabled
    
    Make sure dmesg reports when KPTI is enabled.
    
    Signed-off-by: Kees Cook <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

commit 3e1457d6bf26d9ec300781f84cd0057e44deb45d
Author: Kees Cook <[email protected]>
Date:   Wed Jan 3 10:43:15 2018 -0800

    KPTI: Rename to PAGE_TABLE_ISOLATION
    
    This renames CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION.
    
    Signed-off-by: Kees Cook <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

Last edited by kjhambrick; 01-05-2018 at 09:25 AM.
 
1 members found this post helpful.
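
An added example, not part of any post above or of the kernel changelog: a check for whether a kernel was built with page table isolation under either the old `CONFIG_KAISER` or the renamed `CONFIG_PAGE_TABLE_ISOLATION` option, and whether the boot log carries the KPTI report. The function names and sample files are hypothetical, and the boot-log prefix `Kernel/User page tables isolation:` is an assumption about the message wording, which the changelog entry does not quote.

```shell
#!/bin/sh
# Added example (not from the thread): classify KPTI status from a kernel
# config file and a saved boot log. Both file paths are caller-supplied.

# Prints "built-in:<OPTION>", "not-set:<OPTION>" or "absent".
# Checks the new option name first, then the pre-rename CONFIG_KAISER.
kpti_config_state() {
    for opt in CONFIG_PAGE_TABLE_ISOLATION CONFIG_KAISER; do
        if grep -q "^${opt}=y\$" "$1"; then
            echo "built-in:$opt"; return 0
        elif grep -q "^# ${opt} is not set\$" "$1"; then
            echo "not-set:$opt"; return 0
        fi
    done
    echo "absent"   # option not offered by this kernel tree or architecture
}

# Prints the state the kernel reported at boot, or "not-reported".
# Assumption: the report line contains the prefix matched below.
kpti_runtime_state() {
    state=$(sed -n 's/.*Kernel\/User page tables isolation: //p' "$1" | tail -n 1)
    echo "${state:-not-reported}"
}

# Combines build-time and boot-time evidence into one line.
kpti_verdict() {
    build=$(kpti_config_state "$1")
    run=$(kpti_runtime_state "$2")
    case "$build/$run" in
        built-in:*/enabled) echo "active ($build)" ;;
        built-in:*/*)       echo "built but boot log says: $run ($build)" ;;
        *)                  echo "not built ($build)" ;;
    esac
}

# Constructed sample inputs, for demonstration only.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_X86_64=y' 'CONFIG_PAGE_TABLE_ISOLATION=y' > "$demo/config-a"
printf '%s\n' 'CONFIG_X86_32=y' 'CONFIG_HIGHMEM4G=y' > "$demo/config-b"
printf '%s\n' '[    0.000000] Kernel/User page tables isolation: enabled' > "$demo/dmesg-a"
printf '%s\n' '[    0.000000] Linux version (constructed)' > "$demo/dmesg-b"

kpti_verdict "$demo/config-a" "$demo/dmesg-a"
kpti_verdict "$demo/config-b" "$demo/dmesg-b"
rm -rf "$demo"
```

Point it at the config the running kernel was built from and at a saved `dmesg` capture; `not-reported` can also mean the ring buffer has wrapped since boot.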
  

